Mercurial > repos > other > Puppet

annotate modules/website/manifests/php.pp @ 106:ef0926ee389a puppet-3.6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Lock down Apache headers for security, based on https://securityheaders.io/
author IBBoard <dev@ibboard.co.uk>
date Sat, 14 May 2016 17:10:10 +0100
parents 89a94c61e4d6
children b00eb9434938
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
1 class website::php(
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
2 $suffix = '',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
3 $opcache = undef,
69
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
4 $extras = [],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
5 ) {
3
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
6 File {
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
7 notify => Service['httpd'],
32
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 22
diff changeset
8 tag => 'website',
3
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
9 }
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
10 Package {
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
11 notify => Service['httpd'],
32
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 22
diff changeset
12 tag => 'website',
3
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
13 }
32
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 22
diff changeset
14 Package <| tag == 'website' |> -> File <| tag == 'website' |>
69
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
15 define website::php::extra_php ($pkg = $title) {
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
16 package { "php${website::php::suffix}-${pkg}":
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
17 ensure => latest,
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
18 }
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
19 }
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
20
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
21 website::php::extra_php { $extras: }
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
22
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
23 $packages = [ "php${suffix}", "php${suffix}-mcrypt", "php${suffix}-mbstring", "php${suffix}-xml", "php${suffix}-gd" ]
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
24 package { $packages:
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
25 ensure => latest,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
26 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
27 file { '/etc/php.d/custom-lockdown.ini':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
28 ensure => present,
106
ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents: 94
diff changeset
29 content => 'allow_url_fopen = \'off\'
ef0926ee389a Lock down Apache headers for security, based on https://securityheaders.io/
IBBoard <dev@ibboard.co.uk>
parents: 94
diff changeset
30 expose_php = Off',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
31 }
17
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
32 file { '/etc/php.d/custom-php.ini':
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
33 ensure => present,
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
34 content => 'default_charset = \'UTF-8\'',
5ba2ddf53c29 Make sure we specify a default charset (even thought it defaults to UTF-8) because ownCloud complains
IBBoard <dev@ibboard.co.uk>
parents: 3
diff changeset
35 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
36
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
37 if $opcache {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
38 package { "php${suffix}-${opcache}":
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
39 ensure => latest,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
40 notify => Service['httpd'],
22
ccca5d75111f Fix ordering of packages vs files so that config files go in afterwards
IBBoard <dev@ibboard.co.uk>
parents: 17
diff changeset
41 require => Package["php${suffix}"],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
42 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
43 file { '/etc/php.d/opcache.ini':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
44 ensure => present,
3
ea71652452e9 Give OpCache more memory and make sure that we refresh on config changes
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
45 content => 'zend_extension=/usr/lib64/php/modules/opcache.so
94
89a94c61e4d6 Reduce opcache memory usage because it doesn't use that much
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
46 opcache.memory_consumption=64',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
47 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
48 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
49 }